OSPFv2 Capture

I already had an OSPFv2 for IPv4 lab on my blog. However, I missed capturing a pcap file in order to publish it. So, here it is. Feel free to have a look at another small lab with three Cisco routers and OSPFv2. Just another pcapng file to practise some protocol and Wireshark skills.

This is an overview of the complete lab. OSPFv2 is in the middle between R4/R5 and R1:

Some notes regarding it:

  • R4 and R5 are uplinks to the Internet, redistributing their default route.
  • Behind R1 there are some more networks coming in via EIGRP, which are redistributed as well.
  • A summary address at R1 is used just for test purposes. It shows up in the routing table as an “is a summary” route with an exit interface of Null0.
  • All three routers are using authentication via MD5. (Note that the keys are only “type 7 encrypted” which can be reverted using online password crackers.)
  • All routers running IOS version 15.1(4)M12a. R4 and R5 are Cisco 2851 routers, while R1 is a 2811.

Here is the pcapng file (zipped). I used my ProfiShark 1G for capturing it in front of R1, interface fa0/0. Have a look, for example, on packet number 9, LS Update, which shows some LSAs of type 5 “AS-External-LSA” advertising the default route among others. Note that OSPF is no TCP/UDP protocol but an own IP protocol with number 89, refer to the IANA Protocol Numbers.

And here are the used OSPF configuration commands for those three routers:


As well as some (many) show commands from R1:


That’s it. Cheers.

For more posts about routing/switching you can follow the Routing” or “Switching” categories concerning various firewall/router vendors, or the “Cisco Router“/”Cisco Switch” tags for posts related to Cisco stuff.

Featured image “Rec” by Jean-Maki Simon is licensed under CC BY-ND 2.0.

Leave a Reply

Your email address will not be published. Required fields are marked *